SA Bugzilla – Bug 1717
Incorrect FORGED_MUA_OUTLOOK
Last modified: 2003-07-16 05:37:58 UTC
When using Outlook 2003 BETA 2 to send mail, all sent mail is marked with FORGED_MUA_OUTLOOK.
Please attach a sample mail (via the "Create a new attachment" link, including all headers).
Created attachment 853: Test mail getting the -3, note that total is 0.5 because of bayes.
Can you send a message from that same machine using a different mail program (one not written by Microsoft) and attach a sample mail? I want to compare it with your first attachment.
Created attachment 854: Another mail sent from the same system, now using Opera 7
I'm having the same kind of trouble (non-spam mail sent from Outlook triggering the FORGED_MUA_OUTLOOK flag). I'll attach a header-ful message if I can get one.
Created attachment 885: here's an e-mail with headers
Could it be that SpamAssassin incorrectly reports FORGED_MUA_OUTLOOK if you have the line: X-Mailer: Microsoft Outlook, Build 10.0.4024 in the headers? We tested it with this header and SpamAssassin reported our test mail as FORGED_MUA_OUTLOOK. With another version, e.g. X-Mailer: Microsoft Outlook, Build 10.0.2627, there was no FORGED_MUA_OUTLOOK flag raised.
Or could it be to do with the Message ID not meeting the required format? I believe there was a problem with the message id in my case and the message id in Lee's attachment certainly didn't conform to the required format.
I'm not sure what the "required" message-id format is, but I can assure you that the mail I've presented was sent from Microsoft Outlook, so therefore it is using a correct Outlook message-id format. If SpamAssassin does not acknowledge this message-id format as valid, then it's a bug.
Same problem: Some Outlook versions generate a message-id which is a base64-encoded string, definitely NOT matching the SpamAssassin Outlook patterns. They seem to all begin with: <!~!UENERkVCMDkA which is "PCDFEB09\0" in base64. Attachment 885 matches this format. I have found some hints in a UseNet discussion that can be found at http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&threadm=fa.hrr9nud.ei00af%40ifi.uio.no&rnum=1&prev=/groups%3Fq%3DPCDFEB09%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26safe%3Doff%26selm%3Dfa.hrr9nud.ei00af%2540ifi.uio.no%26rnum%3D1 Hope it helps.
Created attachment 923: My patch to avoid FORGED_MUA_OUTLOOK on base64 Message-Ids
Created attachment 973: Example of FORGED_MUA_OUTLOOK with Outlook 2003 Beta and smtp server
Created attachment 974: Another example (Outlook 2003 Beta, smtp server with TLS)
*** Bug 1992 has been marked as a duplicate of this bug. ***
*** Bug 1995 has been marked as a duplicate of this bug. ***
*** Bug 2022 has been marked as a duplicate of this bug. ***
*** Bug 2009 has been marked as a duplicate of this bug. ***
ok, we'd better fix this for 2.60 ;) There is no reliable part of the msgid to match. :( !~!UENERkVCMDkA -- Priit's examples do not use that. And att 853 had *no* msgid when submitted to postfix! An exemption from the rule based on build number in X-Mailer seems the only viable option. Folks, if you have messages with other Message-ID formats not covered here, please attach samples.
Created attachment 1011: Email from Outlook 2003 beta, build 11.4920. Looks like a different ID format, again.
as noted on the -dev list, Rod sent me a few more. Basically Outlook 2003 does not add *any* messageid -- the ones here are from the server, so we can't use that for filtering.
ok, just checked in T_FORGED_MUA_OUTLOOK, a replacement rule, let's see how it does. Note that MS Outlook 2003 takes the pretty dubious path of *not* adding any Message-ID at all -- in one case, *my* MX added it for the message. This is a very strong spamsign, adding 2.0 points. But that's not the main problem -- there are several large ISPs who'll bounce messages with this behaviour, outright.
Justin - fix looks good, I merged it into the existing rule.
9.885 19.0218 0.0605 0.997 0.98 3.87 FORGED_MUA_OUTLOOK
9.874 19.0201 0.0391 0.998 0.99 0.01 T_FORGED_MUA_OUTLOOK
*** Bug 2230 has been marked as a duplicate of this bug. ***
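The two Message-ID situations reported in this thread (the base64 form beginning !~!UENERkVCMDkA, and Outlook 2003 sending no Message-ID at all), checked in Python as an added example; this is not SpamAssassin's rule code or any commenter's patch. The function names, the sample header blocks and example.com are assumptions made for the example.

```python
import base64
import binascii
import re
from email import message_from_string

# Decoded marker quoted in the thread; its base64 form is "UENERkVCMDkA".
OUTLOOK_B64_MAGIC = b"PCDFEB09\x00"
OUTLOOK_ID_PREFIX = "!~!" + base64.b64encode(OUTLOOK_B64_MAGIC).decode()
BUILD_RE = re.compile(r"Build\s+(\d+(?:\.\d+)+)")


def classify_message_id(value):
    """Return 'missing', 'outlook-base64' or 'other' for a Message-ID value."""
    if value is None or not value.strip():
        return "missing"
    local = value.strip().lstrip("<").split("@", 1)[0]
    if not local.startswith("!~!"):
        return "other"
    blob = local[3:]
    blob += "=" * (-len(blob) % 4)  # restore padding if it was stripped
    try:
        decoded = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return "other"
    return "outlook-base64" if decoded.startswith(OUTLOOK_B64_MAGIC) else "other"


def summarize(raw_headers):
    """Report the claimed client, its build and the Message-ID shape."""
    msg = message_from_string(raw_headers)
    mailer = msg.get("X-Mailer", "")
    build = BUILD_RE.search(mailer)
    return {
        "outlook": "Microsoft Outlook" in mailer,
        "build": build.group(1) if build else None,
        "message_id": classify_message_id(msg.get("Message-ID")),
    }


# Constructed samples, not the thread's attachments. The X-Mailer text is the
# one quoted in the thread; the Message-ID payload and domain are made up.
SAMPLE_ID = "<" + OUTLOOK_ID_PREFIX + base64.b64encode(bytes(range(12))).decode() + "@example.com>"
SAMPLE_BASE64 = f"X-Mailer: Microsoft Outlook, Build 10.0.4024\nMessage-ID: {SAMPLE_ID}\nSubject: t\n\n"
SAMPLE_NO_MSGID = "X-Mailer: Microsoft Outlook, Build 10.0.4024\nSubject: t\n\n"

if __name__ == "__main__":
    for name, raw in (("base64 id", SAMPLE_BASE64), ("no id", SAMPLE_NO_MSGID)):
        print(name, summarize(raw))
```

A "missing" result only means the submitted message carried no Message-ID; as the thread notes, a relay may add one later, so the check is meaningful on the message as the client handed it over.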